pam_tty_audit bi-directional logging

Miloslav Trmač mitr at redhat.com
Mon Jun 10 15:48:15 UTC 2013


----- Original Message -----
> On Friday, June 07, 2013 06:48:18 PM Miloslav Trmač wrote:
> > ----- Original Message -----
> > 
> > > Is there any way to make pam_tty_audit log not only what the user types
> > > but also what the server sends back?
> > 
> > No, this is currently not possible.
> 
> Impossible as in 1) what is already shipped can't do this, or 2) no amount of
> code being added to the kernel can do this, or 3) for upstream political
> reasons?

Primarily 1), also
4) auditing output is a little more difficult because it's much more common to have a _lot_ of output (e.g. (find -name '*.c')), so TTY auditing should probably be able to throttle the TTY throughput.  (In principle the same problem exists with input as well - with a PTY I can cause a massive amount of data to be audited - but it doesn't occur accidentally.)
    Mirek



